
Ransom_HPCERBER.SMONT4 (Hosted in France, ASN 16276 (OVH SAS))

Contacts servers via UDP on port 6893.
Executes the command:
taskkill /f /im "c1.exe" > NUL & ping -n 1 127.0.0.1 > NUL & del "C:c1.exe" > NUL && exit
Sample here: hxxp://119.205.220.184/c.exe

WisdomEyes (Hosted in Kazakhstan, Almaty, PS Internet Company LLC)


avtobizz.ru (Locky Ransomware Hosted in Romania, Craiova, NForce Entertainment B.V.)

Protected by Cloudflare, but not hard to find the hoster: avtobizz.ru resolves to 104.31.89.136. Use hxxp://www.skypeipresolver.net/cloudflare.php to find the real IP. Locky here is hosted by blazinfast.io.
Logs from infected computers and samples here: hxxp://213.108.44.167/logiplya/
Hosting infos: http://whois.domaintools.com/185.11.145.10

myfirstdatibon.ru (UDS:DangerousObject.Multi.Generic)

Domain: myfirstdatibon.ru

domain:        MYFIRSTDATIBON.RU
nserver:       ns1.uldiok.at.
nserver:       ns2.uldiok.at.
nserver:       ns3.uldiok.at.
nserver:       ns4.uldiok.at.
state:         REGISTERED, NOT DELEGATED, UNVERIFIED
person:        Private Person
registrar:     ARDIS-RU
admin-contact: http://ardis.ru/whois/
created:       2016.02.20
paid-till: